Home Router…, or Trojan Horse?

Nigel Kersh|February 5, 2019

Home Router…, Trojan Horse?

The world of cybersecurity is full of stories of technology secretly encroaching on our privacy. The most common attack comes from malware that we enable hackers to store on our computers or mobile devices. Most of us are familiar with these “Trojan horse” viruses that can open up our devices to cybercriminals. However, there is another piece of equipment that sits quietly flashing away in the majority of our living rooms—the home router—which also constitutes a security threat. This device, which most home users recognize as the gateway to the global Internet, can also act as an even more insidious pathway to our private files and data.

Anyone familiar with Greek mythology will recall the story of the wooden horse of Troy. This fable tells the tale of a retreating Greek army leaving behind a gift of a gigantic wooden horse at the gates of Troy. The Trojans, taking the horse as a sign of tribute in defeat from the retreating Greek army, haul the giant horse through the city gates of Troy. Unknown to the Trojans, the horse contained a small group of Greek soldiers who, when the Trojans had drunk themselves silly celebrating the win over their arch enemy, climb down out of the horse, open the gates, and allow their comrades to spring a surprise attack on the sleeping Trojans. And the rest is history, so to speak.

Why this detour into classical storytelling? Well, oddly enough, this story has direct relevance to home Internet users. For the majority of us, the pathway through which we connect to the global world of interconnected computing is the humble home router. This device sends and receives packets of data to and from our computer, and to and from the Internet superhighway. There’s nothing wrong with that—no router, no Internet, right? Correct… however, where things can go wrong is when that router becomes compromised and criminal hackers are then able to access your home network and steal your digital stuff.

In the past 12 months alone, there have been multiple cases of home routers being breached by Internet hackers who broke into networks to access sensitive information such as users’ banking credentials. Millions of routers have been compromised in this way, through attacks like the infamous VPNFilter and MicroTik hacking incidents. This link takes you to a web page that contains many additional incidents where hackers have easily passed through cursory levels of security to access home users’ computers and mobile devices. Home router vulnerability is real, and it’s growing. And with the forthcoming advent of 5G technology, those risks won’t be going away. In fact, with a significant increase in download speeds, it will take hackers even less time to access and download data from a target.

There are two real problems with home routers. One, they are nearly always left switched on, even when their users are asleep in bed, or out of the home. And two, they rarely, if ever, have their internal firmware updated. This is essentially a recipe for disaster. This predicament is so serious that organizations such as the US Federal Bureau of Investigation issued a series of public announcements providing remedial measures that home users could take to reduce the risk of their home networks being breached. Unfortunately, most of these recommendations are ineffective, such as periodically switching off your home router to “clean out” any resident malware. This is because many sophisticated malware intrusions can remain resident, even after the router is rebooted.

The key to the penetration of the home router has always been the use of Internet protocols. These are encoded procedures that determine the routing pathways and internetworking conventions that essentially define the Internet. Hackers can use vulnerabilities in these protocols to access networks connected to the routing devices themselves. One protocol example is the Wi-Fi Setup protocol or WPS. This convention can provide entry into a home network by simply entering the eight-digit PIN that is printed on the underside of the router itself. Any person with physical access to the router can use the WPS to access a home’s private data.

But it’s not all gloom and doom, and there are a number of effective measures that home router owners can take. These include the standard intermittent rebooting of your router, perhaps even every night when the network is not used, to changing router credentials from factory defaults. Further measures include regularly updating your router’s firmware. More drastic steps include purchasing a high-end router that will certainly have basic risky protocols disabled, which will help confound the efforts of hackers to crack the device.

But, probably the best advice of all is to place home Internet security firmly in the hands of your Internet Service Provider. Your ISP provides the best defense against malware by protecting both the source of your Internet connection as well as monitoring network activity in your home itself. Unfortunately, the ancient Trojans couldn’t put their trust in their local ISP and look what happened to them. For the best protection against malware attack and home router vulnerability—go ISP!